Sebastien Pavie: Data protection is constantly increasing in scope and difficulty. While organisations have long needed to safeguard their intellectual property and confidential information, technological advancements and new business models introduce new actors, threats and regulations. As a result, organisations need to think beyond the traditional models of securing the perimeter and locking down specific segments of the IT infrastructure in order to formulate their data protection goals.

With attacks becoming increasingly sophisticated, it’s only a matter of time before security walls are breached and data falls into the hands of the predator. Prevention and threat detection is just one layer of data protection. While this is important, the next and most important level of protection should surround the data itself. Measures such as data encryption, multi-factor authentication and access controls that provide additional layers of security should be considered. Traditionally, businesses have focused their IT security on perimeter defence and blocking threats before they enter the network. Today, businesses need an ‘inside-out’ protection that focusses on the data. In the new reality of IT security, the best offense is now the best defence and encryption is the key to that.

ACN: Could you highlight the leading trends around data breaches in the Middle East and how prevalent is the issue?

SP: In a world driven by data, risk can become reality in a matter of moments. All organisations around the world, with the Middle East region as no exception, face numerous challenges whilst safeguarding information collected and shared across a variety of settings. According to findings from Gemalto’s H1 2016 Breach Level Index, data breaches in the Middle East increased by 50% in the first six months of 2016 compared to the last six months of 2015. Additionally, 10,537,437 data records were compromised compared to 66,050 records previously, across the Middle East. On a corporate level, Middle Eastern organisations have incurred a total financial loss of approximately $1.5m over the last five years due to system perimeter breaches according to findings from Gemalto’s annual Data Security Confidence Index. The average cost of detecting and fixing these breaches was $35m.

Company Articles

Despite the increasing number of data breaches and more than 3.9 billion data records worldwide being lost or stolen since 2013, organisations continue to believe that basic perimeter security technologies are effective. All organisations surveyed in the Middle reported said they experienced a breach at some time over the past five years. This suggests that organisations have not made significant improvements in reducing the number of data breaches despite increased investments in perimeter security. This trend continues to be prevalent in this region and beyond.

ACN: How can companies better improve data privacy and how valuable is data encryption becoming?

SP: Companies, organisations and governments are storing greater amounts of data that have varying levels of sensitivity. At the same time, it is clear that data breaches are inevitable and that companies need to shift from a total reliance on breach prevention to strategies that help them secure the breach. That is why more focus needs to be understanding what really constitutes sensitive data, where it is stored, and using the best means to defend it. At the end of the day, the best way to protect data is to kill it. That means ensuring user credentials are secured with strong authentication and sensitive data is protected with encryption.

In the business world, more and more companies are moving their data to the cloud and are using encryption to protect it. As a result, key ownership is even more important in order to maintain total control of the encrypted data in the cloud — for security as well as compliance. The latest trend is for companies to give its customers full control over the keys that play a critical role in the encryption of their data. This feature is referred to as the ‘customer-managed key’ and represents a critical divergence from other popular services, such as Salesforce.com and AWS, which manage the keys for the customer. This approach gives control back to the owner of the data, and an external vulnerability is removed from the equation.